SECURITY; GNOME #447414; FEDORA-2007-0464; Debian #429876; fixes potential
negative array index usage in IMAP code (remote).
2007-06-14 Philip Van Hoof <pvanhoof@gnome.org>
* camel-imap-folder.c: Security bugfix. The sequence can be a negative
value while it is being used as the index of an array (#447414)
diff -Nur evolution-2.0.4/camel/providers/imap/camel-imap-folder.c evolution-2.0.4.new/camel/providers/imap/camel-imap-folder.c
--- evolution-2.0.4/camel/providers/imap/camel-imap-folder.c 2005-02-14 17:09:05.000000000 +0100
+++ evolution-2.0.4.new/camel/providers/imap/camel-imap-folder.c 2007-06-21 18:31:58.000000000 +0200
@@ -597,7 +597,7 @@
uid = g_datalist_get_data (&data, "UID");
flags = GPOINTER_TO_UINT (g_datalist_get_data (&data, "FLAGS"));
- if (!uid || !seq || seq > summary_len) {
+ if (!uid || !seq || seq > summary_len || seq < 0) {
g_datalist_clear (&data);
continue;
}
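Review bot: the `seq < 0` test added at the end of the condition only has an effect if `seq` is a signed type, and neither its declaration nor that of `summary_len` is visible in this hunk. Please confirm the two have the same signedness, because with mixed types `seq > summary_len` is evaluated after conversion to unsigned. A single range test such as `seq < 1 || seq > summary_len` would state the valid index range in one place and replace both `!seq` and `seq < 0`. A short comment that `seq` comes from the server response would also help the next reader.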
@@ -2682,7 +2682,7 @@
if (*response != '*' || *(response + 1) != ' ')
return NULL;
- seq = strtol (response + 2, &response, 10);
+ seq = strtoul (response + 2, &response, 10);
if (seq == 0)
return NULL;
if (strncasecmp (response, " FETCH (", 8) != 0)
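Review bot: switching to `strtoul` on the `seq = ...` line does not by itself reject a negative number in the response. `strtoul` accepts a leading minus sign and returns the negated value as an unsigned long, so the following `seq == 0` test still lets it through. If `seq` is declared as a signed int (its declaration is outside this hunk), the assignment can then produce a negative value again. Suggest verifying that `response + 2` points at a digit before converting, checking `errno` for `ERANGE` afterwards, and rejecting values above the largest sequence number the caller can accept.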